I've been wondering about how large online software companies, specifically those based around a single massive product, like Google, Facebook, Yahoo, etc. handle the risk of terminated employees. Any ...

Our new startup is required to jump through hoops in order to get authorization to use Experian. We are working out of WeWork (shared space). No experian data is stored on our local machines.
We do ...

Since laptop and other electronic device seizures at US borders became legal without a warrant (including making copies of data), 7% of ACTE's business travelers reported being subject to a seizure as ...

I'm building a software that requires a lot of security for the data. The user data in essence is very sensitive. So we are building a lot of encryption, 2 step authentication, app call tokenization ...

Acceptable Use Policy (AUP) is a set of constraints and practices that users must agree and sign off to access the corporate network, endpoints, applications, and the Internet.
Information Security ...

We're trying to implement a patch schedule in our environment for both linux and windows systems.
I'm curious to hear how often other enterprise companies are patching their servers so we can get an ...

as part of security awareness for the company, I am looking for something that I could use to spread the awareness. Maybe a web based application/portal which I can create quiz forms easily or share ...

Do U.S. based companies or corporations generally have policies restricting their security staff to certain nationalities or are they generally open to all qualified persons regardless of citizenship?
...

The run down:
Windows Server A (from here on referred to as 'the server') exists on the corporate network (ref as Corporate).
A separate physical network exists for the Telecommunications Department ...

Having a backdoor account (that is a username/password that can login in to an administrative account on all machines) can be very useful for IT staff. However, some believe it's a security breach. ...

If i were to propose a change in my company's information security infrastructure, how does that proposal get processed up the corporate hierarchy? For example, does the proposal reach the VP of IT ...

I saw a hot network question on SE, about Workplace Ethics - Do I give my password at work to my old boss after quitting?. My initial response (as are the answers in that question) is always NO. The ...

I've been asked why do we trust organizations that certifies ISO 27001? From where did they get the authority and recognition to be able to certify ISO 27001?
For example, I can start a certification ...

My Corporate Network was always being monitored, but a few days ago they started to block and censor all HTTPS traffic.
Recently IT guys forged certificates for all major HTTPS web sites and acts as a ...

When clients (which are using both Linux and Windows) block all incoming traffic in a network, and the router is also blocking all incoming traffic, are we (almost) 100% secure? Maybe excluding silly ...

This is my first question and I dont even know if it is the right place. If this is an off-topic just mark it as off-topic, don't go crazy and downvote. :P
But how can I detect if my browser is not ...

On a large project, my company is responsible of administering the internal servers where applications used within the intranet are installed. One of our sites are accessible from outside but we do ...

I'm a part of a software start-up. I've the role of IT admin as well as requirement gathering (business analysis). Right now we're a team of seven people and we all are in the 'core team'. Now we're ...

Have any of you security professionals been able to get security performance metrics into reviews that managers conduct for their employees? If so, are there any helpful resources you could share to ...

Security and usability are often colliding. When it comes to locking screens on workstations after a certain amount of inactivity this is definitely the case and complaints have to be expected from ...

I'm working on access control system and on analysis tools for reasoning on it. In A.C. system based on policy, think about XACML specifications, the overall behaviour of the system cannot be clearly ...

When building a security policy (and implementing it) you must know who you are defending against. I would like to use proper terms, if they're already defined. I'm imagining a list such as:
Passive ...

This issue is more political than technical.
The organization has a lot of computers that connect via web browser to a central database. Customers are regularly left unattended with physical access ...

Would it be justified for a business that is behind a SOHO router\WIFI to run a firewall such as PFSense, or is the firewalling capabilities in the router "good enough".
For the most part the router ...